Routing via 2 providers both with NAT

From: Tjardick van der Kraan (tjardick_at_vanderkraan.net)
Date: 09/27/04


Date: Mon, 27 Sep 2004 23:57:47 +0200

Hello,

We have a debian router/firewall which currently does masq via iptables
over a leased line and we want to add an ADSL line for non priority
traffic like occasional surfing etc.

The interfaces are defined as follows:

217.x.x.0/28 dev eth0 proto kernel scope link src 217.x.x.2
192.168.0.0/22 dev eth1 proto kernel scope link src 192.168.0.1
82.x.x.72/29 dev eth3 proto kernel scope link src 82.x.x.74

With 217.x.x.1 as the gateway on eth0 and
with 82.x.x.73 as the gateway on eth1

The leased line on 217 has already been working properly for some time now,
but the ADSL was connected last week and now I am having
difficulties getting traffic from certain internal hosts to route out
over it.

In IPtables both eth0 & eth3 are set to do postroute masq.

ip route (apart from the above 3 networks) shows a default route:

default via 217.x.x.1 dev eth0

I have added two tables to the iproute2 config, named leased and adsl.

~# ip route show table adsl
82.x.x.72/29 dev eth3 scope link
192.168.0.0/22 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 82.x.x.73 dev eth3

~# ip route show table leased
217.x.x.0/28 dev eth0 scope link
192.168.0.0/22 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 217.x.x.1 dev eth0

I added the 2 rules, based on the "from" (source), to the ip rules:

~# ip rule
0: from all lookup local
32764: from 217.x.x.2 lookup leased
32765: from 82.x.x.74 lookup adsl
32766: from all lookup main
32767: from all lookup default

For testing I wanted all traffic to still go over the leased line, but
traffic from IP 192.168.1.247 to go over the ADSL.

I tried both:

~# ip rule
0: from all lookup local
32763: from 192.168.1.247 lookup adsl
32764: from 217.x.x.2 lookup leased
32765: from 82.x.x.74 lookup adsl
32766: from all lookup main
32767: from all lookup default

and

~# ip rule
0: from all lookup local
32763: from 192.168.1.247 lookup adsl map-to 82.x.x.74
32764: from 217.x.x.2 lookup leased
32765: from 82.x.x.74 lookup adsl
32766: from all lookup main
32767: from all lookup default

From external locations I can ssh in to the box via both the leased
line (217.x.x.2) and the ADSL (82.x.x.74), and furthermore we have put a
separate box on the ADSL connection with the 82.x.x.74 IP just to make
sure the ADSL connection works outgoing too.

So the main question: what am I doing wrong / what should I change to be
able to have NAT working on both interfaces in a way that I can choose
via ip rule (or some other ruling system, maybe fwmark?) the outgoing
interface?

Kind regards,

Tjar***
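A policy-routing setup for the two-uplink NAT case described in the post, using an fwmark rule so that the uplink for forwarded traffic is chosen in iptables rather than by source address. This is an added example, not code from the original post or from the LARTC project: the addresses are the post's masked ones, the table names and rule preferences follow the post, and the fwmark value 2, the fixed-address SNAT in place of the post's MASQUERADE, and the dry-run `APPLY` switch are my assumptions.

```shell
#!/bin/sh
# Added example: two uplinks, one routing table each, per-uplink SNAT.
# The 217.x.x.x / 82.x.x.x values are the post's masked addresses (replace
# the x's). Commands are only printed unless APPLY=1 is set (assumption).
set -eu

LAN_IF=eth1;    LAN_NET=192.168.0.0/22
LEASED_IF=eth0; LEASED_IP=217.x.x.2; LEASED_GW=217.x.x.1; LEASED_NET=217.x.x.0/28
ADSL_IF=eth3;   ADSL_IP=82.x.x.74;   ADSL_GW=82.x.x.73;   ADSL_NET=82.x.x.72/29
ADSL_HOST=192.168.1.247   # internal host that should leave via ADSL
ADSL_MARK=2               # assumed fwmark value for "send via ADSL"

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

dual_uplink_config() {
    # Every table carries the LAN plus its own uplink net and default, so a
    # lookup in either table can reach the LAN and the right gateway.
    for t in leased adsl; do
        run ip route add "$LAN_NET" dev "$LAN_IF" table "$t"
    done
    run ip route add "$LEASED_NET" dev "$LEASED_IF" src "$LEASED_IP" table leased
    run ip route add default via "$LEASED_GW" dev "$LEASED_IF" table leased
    run ip route add "$ADSL_NET" dev "$ADSL_IF" src "$ADSL_IP" table adsl
    run ip route add default via "$ADSL_GW" dev "$ADSL_IF" table adsl

    # Source rules for the router's own addresses, as in the post: replies
    # to an ssh session on the ADSL address leave via ADSL, not the default.
    run ip rule add from "$LEASED_IP" table leased pref 32764
    run ip rule add from "$ADSL_IP" table adsl pref 32765
    # fwmark rule for forwarded traffic; which packets get the mark is
    # decided in iptables, so any match (host, port, proto) can be used.
    run ip rule add fwmark "$ADSL_MARK" table adsl pref 32763

    # Mark in PREROUTING: the mark must exist before the routing decision.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$ADSL_HOST" \
        -j MARK --set-mark "$ADSL_MARK"
    # NAT per egress interface, so return traffic arrives on the uplink
    # whose address was used and routing stays symmetric (no rp_filter issue).
    run iptables -t nat -A POSTROUTING -o "$LEASED_IF" -j SNAT --to-source "$LEASED_IP"
    run iptables -t nat -A POSTROUTING -o "$ADSL_IF" -j SNAT --to-source "$ADSL_IP"

    # Cached route decisions (and existing conntrack NAT mappings) keep the
    # old path; flush the cache after changing rules, then test with a new
    # connection rather than one that was already open.
    run ip route flush cache
}

dual_uplink_config
```

Verify the result from the router with `ip rule` and `ip route show table adsl`, then from the marked host check the public address a remote site sees; an unchanged address on an already-open connection is expected until that connection's conntrack entry expires.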
